Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/e1edab-2439-4a7c-984c-e6ff7ca3ecef/1/sbnQW6oPMIiNUyJZFdoKMg3xWF0.roa
File:                     sbnQW6oPMIiNUyJZFdoKMg3xWF0.roa (raw, json)
Hash identifier:          3D0H4S/qpmPPSHQyJ9ValO9Qxl6raepFEzTUldwega8=
Subject key identifier:   B1:B9:D0:5B:AA:0F:30:88:8D:53:22:59:15:DA:0A:32:0D:F1:58:5D
Certificate issuer:       /CN=854e8383e8208936802362a09f36085a50fcd85a
Certificate serial:       018CC349123AB6FA849AD1885BA6FA080A84
Authority key identifier: 85:4E:83:83:E8:20:89:36:80:23:62:A0:9F:36:08:5A:50:FC:D8:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hU6Dg-ggiTaAI2KgnzYIWlD82Fo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/e1edab-2439-4a7c-984c-e6ff7ca3ecef/1/sbnQW6oPMIiNUyJZFdoKMg3xWF0.roa
Signing time:             Mon 01 Jan 2024 04:29:55 +0000
ROA not before:           Mon 01 Jan 2024 04:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1103
IP address blocks:        137.56.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/e1edab-2439-4a7c-984c-e6ff7ca3ecef/1/hU6Dg-ggiTaAI2KgnzYIWlD82Fo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/e1edab-2439-4a7c-984c-e6ff7ca3ecef/1/hU6Dg-ggiTaAI2KgnzYIWlD82Fo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hU6Dg-ggiTaAI2KgnzYIWlD82Fo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:12:3a:b6:fa:84:9a:d1:88:5b:a6:fa:08:0a:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=854e8383e8208936802362a09f36085a50fcd85a
        Validity
            Not Before: Jan  1 04:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1b9d05baa0f30888d53225915da0a320df1585d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:43:b3:fb:ab:90:71:6e:ee:15:92:f8:57:88:
                    7a:76:90:8e:60:c7:2c:e9:46:81:ef:75:83:c4:53:
                    40:eb:63:ca:11:63:05:ad:48:29:9c:0e:91:d7:32:
                    e5:38:ac:0f:70:69:b7:76:56:7f:a5:17:0f:8e:12:
                    b1:55:25:7d:96:44:3f:f6:b9:a2:29:b3:21:78:3d:
                    91:c6:1e:3d:8c:5e:3b:7c:65:89:6f:47:60:9c:bd:
                    fa:df:a7:4d:41:0b:74:f5:9e:6a:e5:06:65:39:a8:
                    74:ab:41:67:8e:5a:04:a9:88:d8:f6:50:3c:76:03:
                    c6:cd:66:ac:06:44:d0:84:32:80:64:9c:d4:e0:b3:
                    1e:9e:75:06:69:90:b0:16:ba:24:e0:54:59:40:a5:
                    81:2c:dd:5f:f6:50:03:61:39:3b:db:4a:09:ef:96:
                    6a:ed:c3:d7:38:1a:bb:a4:18:cd:9d:e4:ee:42:10:
                    0d:af:16:f0:ca:b5:1f:c9:9a:30:e5:cc:05:72:ef:
                    6d:7e:ef:e0:c8:47:26:4b:66:29:8a:be:f7:f8:82:
                    0d:71:6a:f1:32:ac:66:a0:4e:a7:b5:98:ab:b3:6b:
                    52:05:f8:0f:d1:71:6c:9f:c3:a5:fa:f9:11:48:9d:
                    a6:1b:4e:60:df:c3:5f:2b:0d:2e:6d:0f:2e:48:31:
                    9f:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:B9:D0:5B:AA:0F:30:88:8D:53:22:59:15:DA:0A:32:0D:F1:58:5D
            X509v3 Authority Key Identifier:
                keyid:85:4E:83:83:E8:20:89:36:80:23:62:A0:9F:36:08:5A:50:FC:D8:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hU6Dg-ggiTaAI2KgnzYIWlD82Fo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/e1edab-2439-4a7c-984c-e6ff7ca3ecef/1/sbnQW6oPMIiNUyJZFdoKMg3xWF0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/e1edab-2439-4a7c-984c-e6ff7ca3ecef/1/hU6Dg-ggiTaAI2KgnzYIWlD82Fo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  137.56.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         6c:85:89:cf:bc:74:dd:40:86:31:9e:21:56:ed:c2:bc:45:be:
         36:a6:ad:da:fa:03:56:0e:e3:6f:b7:4b:d1:ba:ef:ed:0c:0a:
         5b:12:6b:d7:f7:4c:f1:5c:8b:ca:75:f4:47:16:96:7f:5e:74:
         90:ae:07:08:45:8a:7b:cd:27:9d:47:a2:72:91:8d:2d:32:c6:
         da:cc:79:43:e8:9c:ef:9a:60:bf:c3:b0:78:11:de:d6:0d:df:
         4c:e9:41:86:f5:9e:64:57:1a:3f:6e:dd:d4:a1:2d:f5:99:80:
         2d:7a:a7:08:3c:c0:ad:d2:f6:e4:06:93:ae:0d:4e:64:40:76:
         56:95:55:b0:c8:60:18:f2:1b:89:85:90:17:2a:a5:74:63:f5:
         6e:64:cd:fc:fa:06:7e:15:e1:28:c6:b4:b7:95:32:b7:ce:5d:
         64:d0:84:4d:a7:42:26:6e:00:ec:69:c4:4e:3a:4a:5c:b4:52:
         a3:90:7f:c1:f4:63:ed:c8:f0:97:8c:97:78:ab:44:65:14:2e:
         62:91:7e:84:58:f1:52:e8:fd:0c:82:bb:c7:b5:2e:c6:a5:11:
         26:ab:92:fb:19:27:c1:e4:03:2f:5a:dd:c8:35:b8:b8:66:8f:
         7a:1e:11:13:eb:76:bd:0e:14:ce:36:fa:43:00:ca:cf:47:7b:
         7d:79:31:82
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzDSRI6tvqEmtGIW6b6CAqEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NGU4MzgzZTgyMDg5MzY4MDIzNjJhMDlmMzYwODVhNTBm
Y2Q4NWEwHhcNMjQwMTAxMDQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWI5ZDA1YmFhMGYzMDg4OGQ1MzIyNTkxNWRhMGEzMjBkZjE1ODVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAikOz+6uQcW7uFZL4V4h6dpCOYMcs
6UaB73WDxFNA62PKEWMFrUgpnA6R1zLlOKwPcGm3dlZ/pRcPjhKxVSV9lkQ/9rmi
KbMheD2Rxh49jF47fGWJb0dgnL3636dNQQt09Z5q5QZlOah0q0FnjloEqYjY9lA8
dgPGzWasBkTQhDKAZJzU4LMennUGaZCwFrok4FRZQKWBLN1f9lADYTk720oJ75Zq
7cPXOBq7pBjNneTuQhANrxbwyrUfyZow5cwFcu9tfu/gyEcmS2Ypir73+IINcWrx
MqxmoE6ntZirs2tSBfgP0XFsn8Ol+vkRSJ2mG05g38NfKw0ubQ8uSDGfBwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFLG50FuqDzCIjVMiWRXaCjIN8VhdMB8GA1UdIwQY
MBaAFIVOg4PoIIk2gCNioJ82CFpQ/NhaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFU2RGctZ2dpVGFBSTJLZ256WUlXbEQ4MkZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lMWVkYWItMjQzOS00YTdjLTk4NGMt
ZTZmZjdjYTNlY2VmLzEvc2JuUVc2b1BNSWlOVXlKWkZkb0tNZzN4V0YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lMWVkYWItMjQzOS00YTdjLTk4NGMtZTZmZjdjYTNlY2Vm
LzEvaFU2RGctZ2dpVGFBSTJLZ256WUlXbEQ4MkZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAiTgwDQYJ
KoZIhvcNAQELBQADggEBAGyFic+8dN1AhjGeIVbtwrxFvjamrdr6A1YO42+3S9G6
7+0MClsSa9f3TPFci8p19EcWln9edJCuBwhFinvNJ51HonKRjS0yxtrMeUPonO+a
YL/DsHgR3tYN30zpQYb1nmRXGj9u3dShLfWZgC16pwg8wK3S9uQGk64NTmRAdlaV
VbDIYBjyG4mFkBcqpXRj9W5kzfz6Bn4V4SjGtLeVMrfOXWTQhE2nQiZuAOxpxE46
Sly0UqOQf8H0Y+3I8JeMl3irRGUULmKRfoRY8VLo/QyCu8e1LsalESarkvsZJ8Hk
Ay9a3cg1uLhmj3oeERPrdr0OFM42+kMAys9He315MYI=
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:53:54 2024 by rpki-client on console-fra.rpki-client.org